Cyber Incident Victim: Centre hospitalier universitaire Saint-Pierre
Date:
Mar 2023
Location:
Belgium
Summary
A cyberattack targeted a university hospital in Brussels, prompting ambulance diversions and disruption of IT systems, which led staff to temporarily rely on paper records. The institution activated its emergency response plan, disconnecting servers from the internet and restoring full IT functionality within two days, though systems remained offline for external connectivity and its website was inoperable. No confirmed data theft or leaks were identified at the time, with an ongoing investigation into the incident. The attack followed similar incidents affecting other European healthcare providers, including a French university hospital and a ransomware incident in Barcelona that canceled thousands of appointments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 4 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 10, 2023, in the early hours of Friday morning, the Centre Hospitalier Universitaire (CHU) Saint-Pierre in Brussels suffered a cyberattack that disrupted its operations. The hospital implemented its pre-established emergency plan for cyber incidents, a measure developed in response to prior attacks on other Belgian healthcare institutions. Immediately following the attack, staff reverted to paper-based record-keeping to maintain patient care continuity. By Saturday afternoon, the institution successfully disconnected its affected servers from the internet and managed to restart them, restoring 100% of its IT applications. However, the servers remained offline from external networks as a precautionary containment measure. During the initial disruption period, emergency dispatchers diverted ambulances to other hospitals for several hours to prevent overloading CHU Saint-Pierre’s capacity. The hospital’s public-facing website remained inaccessible the following Monday, three days after the incident began.
The attack prompted an ongoing investigation, though no specific threat actor group or attack vector was publicly identified by the hospital’s leadership at the time of reporting. CEO Pierre Leroy confirmed no evidence of medical data theft or leaks had been detected as of March 11, though he emphasized the need for continued caution pending further forensic analysis. Operational parallels were noted with an attack on CHU Brest in France the previous day, March 9, where similar containment measures—including network disconnection—were implemented, though no confirmed connection between the two incidents was established. CHU Saint-Pierre’s incident occurred amid broader regional disruptions, including a ransomware attack against Barcelona’s main hospital the same week attributed to the Ransom House group, though no attribution link was made to the Brussels attack. The hospital’s emergency plan proved effective in maintaining core operations despite temporary service reductions and the suspension of internet-dependent communications.